Location: Austin TX
Duration: 9 months+
Looking for a senior software security architect experienced with a broad set of Windows software technologies in the personal computing space. In this role, you will be responsible for working closely with technologists, architects and software engineers to enforce security SDL best practices throughout the development of Windows applications and services.
As a security subject matter expert (SME) the candidate will provide technical direction, oversight, and execution guidance for several ongoing and new projects.
Providing guidance to product teams relative to the application of the software development life cycle (SDLC) activities involving the use of security technologies related to the web applications, cloud computing products and services.
Conduct security reviews from high-level web application architecture to OS-level parameters and complex Azure interactions to meet security goals.
Develop security related modules and libraries to be used in .NET based applications (web and desktop).
Establish development practices for building secure applications from the ground-up.
Establish secure DevOps practices to ensure that security is considered and integrated in the build, test, and deploy cycle.
Potentially work with the Product Security Incident Response Team to provide assistance in the verification of security vulnerabilities and be available to coordinate with security researchers and product teams as needed.
Someone who is doing penetration testing on WIN, reviewing software and looking for security flaws with a software development background would be a good fit.
10+ years of relevant experience or equivalent combination of education and work experience.
Strong C, C++, C# coding skills, with emphasis on writing scalable code for Windows, Web in .NET.
Deep technical and architectural knowledge of Microsoft Windows (Web and Desktop apps).
Knowledge of and experience with public cloud providers Azure and/or AWS architecture, tools and cloud methodologies.
Familiarity with security and encryption support across Azure services including storage, data, apps, automation, and communication
Deep understanding of multiple Authentication models including OAuth2, Certificate Authentication, and multi-factor authentication (MFA).
Solid understanding of data and information security practices.
Working knowledge of security tools: Fortify SCA, Coverity, Black Duck, Palamida, Splunk, etc.
Fundamental understanding of cryptographic concepts and applied cryptography.
Understanding of Threat Modeling and experience with DFD’s and Threat Modeling tools.
Well versed in various types of exploits such as XSS, CSRF, Injection, Session Fixation, Buffer Overflows, OWASP Top Ten, etc.
Strong understanding of software development lifecycle, product development lifecycle, and Agile development methodologies.
Must have strong debugging and troubleshooting skills.
Bachelor's degree in Computer Science, Computer Engineering, or related discipline, or equivalent work experience.
CISSP, GIAC, CISA and/or CSSLP preferred.
Professional Solution/Developer Architect certification or equivalent either from Azure or AWS.